Although Google has made some key security acquisitions and added talented security pros to its team, many IT and security managers still won’t trust their enterprise applications to the company’s cloud offerings.

Wait and See

Despite Google’s assurances, the transparency issue remains a big sticking point with security professionals. Many, such as Arce of Core Security, believe that being open about security practices is not only reassuring, but also adds a greater level of peer review and security robustness that can’t be developed in a secretive environment—even among the talented pool of workers Google employs.

“Transparency is what helps you improve,” Arce says. “It allows other people to help identify problems so you can fix them. We favor transparency as a practice as much as possible, and we think it should be embraced by Google.”

Balding of CloudSecurity.org agrees, noting that Google needs to open a dialogue with the security community. “There is not enough security dialogue going on, and as a security guy, I find that scary,” he says. “Where is the accountability? I’m sure they’ll solve this problem because they have a lot of smart people at Google, but I don’t think big business will move on this until they are certain the risks are being addressed.”

Core Security’s Arce believes it’s too early to pass judgment on Google’s security practices and its transparency issues. He is hopeful, though, that Google will come around to the security industry’s perspective. “Google has a unique opportunity to change the security mindset of the big security vendors, and I think they can push that change,” he says. “It would be great if they actually did it.”